Password Protection Act of 2012 filed

A new bill is filed to prevent employers from asking employees and job candidates for their passwords to social networking sites.

Back in March, I wrote a blog about how some potential employers were asking job candidates for their social media passwords in order to screen their accounts.

On May 9, Senator Richard Blumenthal (D-CT), Representative Martin Heinrich (D-NM), and a number of cosponsors filed the Password Protection Act of 2012 (PPA) in the Senate and House. The bill is meant to prevent employers from strong-arming employees and job applicants into sharing information from their personal social networking accounts.

Who and what is covered

The PPA is sweeping in scope. According to the ACLU web site, "It doesn't just apply to just Facebook or social networks, but rather to any situation when an employer coerces an employee into providing access to information held on any computer that isn't owned or controlled by the employer." Even if the employee is looking at a social network on his work computer, his employer still can't force that employee to disclose a password, because "that would allow the employer to access another computer (that of the social network)." This protection extends to Gmail accounts, photo sharing sites, and an employee's own smartphone.

Who and what is not covered

The ALCU believes the Act doesn't offer protection to enough people. Some of the exceptions include:

It allows states to exempt government employees or employees who work with children under the age of 13.

It allows the executive branch to exempt whole classes of workers if they come into contact with classified information, including soldiers.

About Toni Bowers

Toni Bowers is Managing Editor of TechRepublic and is the award-winning blogger of the Career Management blog. She has edited newsletters, books, and web sites pertaining to software, IT career, and IT management issues.

Full Bio

Toni Bowers is Managing Editor of TechRepublic and is the award-winning blogger of the Career Management blog. She has edited newsletters, books, and web sites pertaining to software, IT career, and IT management issues.

One of the reasons employers (that do) ask for passwords is to see the stuff people are hiding from public view. But honestly, how much stuff is being hidden? People still aren't implementing available security controls on the information they publish; theoretically, there can't be a whole lot of difference between what an employer can glean from a web search and what lies beyond the proverbial password. In truth, there should never have been a need for a 'password protection act'. For the most part, people make it unnecessary.

Since I can remember (and that's a long time), computer systems have always logged every keystroke for a couple of reasons. First it was for accountability, then to be able to restore functions then we discovered the marketing treasure trove hidden within the data collected. It fueled whole industries like junk mail and telemarketing. Using the info gleaned to target specific demographics is not new. Heck we did this back in 83-84 with credit card data no less.
So to sit back now and think that you can have any form of privacy in today's digital world is a ridiculous notion and just needs to stop. Apple since iTunes can tell potential musicians exactly how many of it's subscribers will be interested in their specific style or type of music. That's just music, not to mention each internet search, online purchase or interface with your local library. All of which is captured and re-purposed. That's the way it is, that train has left the station.

I disagree with the idea that "your social networking site isn't your private life, you are intentionally making it public." My social networking site is behind a password and only available for view by those to whom I give permission. The fact that I have a social networking site may be public, but the site is not.

What on earth makes you think your Facebook page is private .. any of it? How many times has Zuck openly stated there is no privacy and laughed at the idea that anybody would think that way? How many times has he, without anybody's knowledge or consent, opened everything to everybody? And if you don't think, during that time before it was caught and he delivers the obligatory 'apology,' there wasn't a lot of data mining going on .. there's a bridge I'd like to sell you.
And I guess what puzzles me is what do you have to hide? That you'd be a huge security risk to the company hiring you? That you said you don't do anything illegal on your application, but your FB page shows you cooking meth in the kitchen?

I read the stories about employers asking for applicants passwords to their Facebook accounts, so I'm sure it happens, but I don't know anyone who has ever experienced it. I don't think this is a runaway problem and don't think the government needs to regulate it. This kind of reactionary legislation will have unforeseen consequences.
To jwhite I say, "what happens on your social networking site isn't your private life, you are intentionally making it public." If you don't want your employer to see it, don't post it. And to leichim I say, "Awesome. I completely agree." If an employer has the audacity to ask for that kind of information I'd give him a few choice words and walk away.Who knows, maybe its a test to see how easily you would give away company secrets... ;-)

This is an issue that needs to be pressed by as many users as possible. Someone with the resources (like techrepublic) needs to sponsor a poll that can be sent to the proper representatives to show the public concern. I for example am concerned. If access to this information is necessary then a court order should be required. That would satisfy law enforcement and negate any HR employees desire to look at other peoples private lives.

I could not believe that companies were doing this privacy invasion at all. Even if the potential employee gives their permission, all of that person's friends did not, so they were invading the privacy of every person on the potential employee's friends list!

You maybe right but one thing politics has taught me is ANYTHING can be spun to good or evil. You put up a picture of your nephews 4th birthday party and someone can spill that as "Oh look at him, he is a child molester." You may laugh but this is true, we live in a world of half-truths and lies twisted to be true.

"what happens on your social networking site isn't your private life, you are intentionally making it public."
Only those parts I deliberately make public are public, and they don't need a password to see it. Otherwise it's private.